This document discusses the configuration of the Intrusion Prevention
System (IPS) TCP Reset using the IPS Manager Express (IME). IME and IPS Sensors
are used to manage a Cisco router for TCP Reset. When you review this
configuration, remember these items:

The information in this document is based on these software and
hardware versions:

Cisco IPS Manager Express 7.0

Cisco IPS Sensor 7.0(0.88)E3

Cisco IOS® router with Cisco IOS Software Release
12.4

The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.

Shunning works out of the command and control port to reprogram the
router access control lists (ACLs). The TCP Resets are sent from the
sniffing interface of the Sensor. When you set
span in the switch, use the set span
<src_mod/src_port><dest_mod/dest_port> command with
both incoming packets enabled as shown here.